This privacy statement was last updated on May 1, 2024.
ABOUT FÁILTE IRELAND
Fáilte Ireland is the National Tourism Development Authority, set up by the National Development Authority Act, 2003, with our main office located at 88-95 Amiens Street, Dublin 1, Ireland. Referring to ourselves below as the "Authority", "we", "our", or "us". When you share your personal data with us, we act as the Data Controller, which means we are responsible for how your data is processed. At the end of this Privacy Statement, you will find some definitions of certain key concepts used in this Statement and which are capitalised (Data Controller, Data Processor and Processing).
Our main goal is to support the tourism industry and to help promote Ireland as a tourist destination. We respect your privacy and are committed to protecting your personal data, aiming for transparency in how we handle it.
SUMMARY
This Privacy Statement outlines how we collect, use, and store your data, our legal reasons for doing so, and how long we keep your data. It also covers your rights regarding your personal data. We handle your information in compliance with the General Data Protection Regulation (GDPR), the Data Protection Act, 2018, and other relevant Irish or EU data protection laws. This statement is meant to give you a clear understanding of our data processing practices and how we treat your personal data.
RETAINING YOUR DATA
We will only store personal data for as long as necessary for the purposes for which it was obtained. The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship and/or provide our services.
- Whether there is a legal requirement to which we are subject; and
- Whether the retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
We will keep personal data contained in application files in line with our Retention Schedule. It will be retained in a secure environment and access to it be restricted.
INFORMATION THAT WE COLLECT
Activity: CCTV Images
Type of personal data: your image
What we use your data for: It is installed for the purposes of crime prevention at some of the venues we work in/operate. Where this is used, we will display appropriate notices.
Lawful basis: Legitimate Interest (Article 6(1)(f)).
Retention: Recorded images will be stored for a period of 1 month, following which they will be deleted, except in a case where the recording forms part of a report made to the Health and Safety Authority following the occurrence of a reportable accident or dangerous occurrence in the workplace, in which case the recording will be retained for a period of 10 years.
Activity: Photos and videos of you
Type of personal data: first name, surname, email address and mobile number.
What we use your data for: Fáilte Ireland and Tourism Ireland will be using photographs and/or digital recordings including images of you to promote Ireland as a tourism destination.
Lawful basis: Lawful Basis is Consent (Article 6(1)(a)).
Retention: Adults: We will retain your personal data for a total of 7 years or until you withdraw your consent, whichever occurs first. Children (under 16): We will retain your personal data for a total of 5 years or until you withdraw your consent, whichever occurs first.
Activity: Communicating with you to answer your tourism related queries
Type of personal data: first name, surname, email address and mobile number and telephone recording.
What we use your data for: Customer Service Telephone Recordings may only be used for the specified purposes, i.e., to monitor the quality of call handling and customer service that they deliver. Staff training, coaching and support. To verify what was said during a phone call if there is a dispute or complaint. To protect staff from abusive behaviour.
Lawful basis: Legislative Mandate
Retention: Recordings of calls will be disposed of after 6 months. However, if there is a justified need to retain a specific recording for a longer period, this may be reviewed, and the retention period amended.
Activity: Photographic images of members of the public and children
Type of personal data: As per the Imagery Consent Form, your first name, surname, signature email address and mobile number will be recorded.
What we use your data for: We collect and process photographic images where relevant to the public services we provide in our role as the National Tourism Development Authority, for example, to demonstrate and evidence the events that Fáilte Ireland runs and supports and largely involving members of the public. The posting of photographs online and through social media is necessary as it is the best way to attract a user’s attention and to reach a wide-ranging audience.
Please see:
Lawful basis: Lawful Basis is Consent (Article 6(1)(a)). Your participation is entirely voluntary and there is no obligation on you to consent to have your voice or image captured. No fee will be paid to you for taking part.
Retention: 7 years or until the individual withdraws their consent (whichever occurs first). The retention for minors (i.e., under the age of 16) is 5 years or until consent is withdraws (whichever occurs first).
Activity: Sending you marketing emails and SMS
Type of personal data: (required) first name, last name, email address, country of residence; (optional) mobile number, county (on island of Ireland)
What we use your data for: To send you Fáilte Ireland’s Discover Ireland and Visit Dublin marketing communications, like emails, related to travel and activities in Ireland.
Lawful basis: Lawful Basis is Consent (Article 6(1)(a)), when you sign up to marketing communications you will give consent by checking the tick box acknowledging you have read this Privacy Statement and clicking the submit button.
Retention: If you do not continually open / engage with our email or SMS for 2 years, we will automatically anonymise your personal data.
If you unsubscribe from our email, we place your personal data in a holding area for a period of 1 year.
You can manage your marketing permissions by clicking the link at the bottom of the emails, or opt-out of SMS marketing directly by replying STOP to any message you receive from us.
Additionally, if you submit Personal Data relating to other people – such as your friends and/or family – you are also deemed to be representing that you have the authority to do so and permit us to use their Personal Data for the purposes described in this Privacy Statement.
INFORMATION THAT WE COLLECT (EMAIL NEWSLETTERS)
We collect your information in the ways set our below:
- The email sign-up forms on our websites;
- At events or gatherings organised by Fáilte Ireland;
- When you sign-up to be surveyed about our newsletters; and
- The sign-up forms on our social media pages.
When you provide your e-mail address to receive our newsletter, or your mobile number to receive messages, some information is collected about when/if the message was opened and what links were clicked. This information is used to assess the engagement and success of the campaign. Clicking on a link in any of these messages may cause you to be personally identified on our site and may cause some part of your past browsing history on our site to be available to our personnel for performance measurement purposes. This is so that we may more effectively engage with you and improve our site. If you do not wish this tracking to occur, you can unsubscribe from our mailings or choose not to accept browser cookies to avoid tracking. Additionally, you use private browsing mode on your web browser to avoid certain types of tracking.
In our email newsletters we use invisible 1x1 pixel tags, known as ‘clear pixels’. We use these clear pixels to send our messages in an easy-to-read format and to tell us whether our e-mail has been opened or not. We also use this information in aggregated form to give us an indication of the popularity of content and to help us make decisions about future content and formatting. For more information on our use of clear pixels, please see our Cookie Policy.
We use third-party providers, Microsoft Dynamics and Bloomreach to deliver our email newsletter. As a part of Microsoft Dynamics and Bloomreach services, they collect statistics around e-mail opens and clicks using industry-standard technologies.
INFORMATION COLLECTED FOR PERSONALISATION & INTEREST BASED ADVERTISING
We may use the information collected from the consumer websites to improve and personalise our services on the aforementioned websites. This ensures content from our platforms is presented in the most effective manner and allows us to make recommendations to you and other users of our platforms about content that may interest you or them.
Personalised Advertising
Fáilte Ireland uses third-party ad-serving companies, such as Google and Facebook, to display personalised advertising. Personalised ads, also sometimes referred to as Interest-based ads or targeted ads, are displayed to you based on information gathered from your interaction with us or your interaction with the third-party websites and services.
We may use your personal data such as your email address, mobile phone number and other information collected in accordance with this Privacy Notice to provide interest-based ads to you on third-party websites, or to ensure that you do not see advertising or offers from Fáilte Ireland that are not relevant to you. This is necessary to achieve our legitimate interest in ensuring recommendations offered are appropriate.
You are automatically opted into Fáilte Ireland’s Personalised Advertising when you sign up to our database. You can opt out of this data processing and usage via the same ‘Unsubscribe’ link in the footer of the emails. However, this may result in you seeing more online advertising and less relevant content.
You can also find out more about how your personal data may be used in connection with advertising on the third-party websites and options for opting out through the individual privacy policies of each third-party. These privacy policies are available on their respective websites. Fáilte Ireland is not responsible for consent you may have provided to these third-party entities and any issues should be reported directly to the respective service provider.
CHILDRENS’ DATA
We do not knowingly collect personal information from children without proper parental consent. If you are aged 18 or under, please get your parent/guardian’s permission before you provide any personal information to us. Users without this consent are not allowed to provide us with personal information. If you believe that we may have collected personal information from someone under the age of 18 without parental permission, please let us know using the methods described in the ‘Contact Us’ section and we will investigate and address the issue promptly.
USE OF OUR WEBSITES
Our website uses certain cookies, please see below:
BEHAVIOURAL MARKETING
We may from time-to-time use Meta Advertising, Meta Pixel Re-Marketing and communications. This tool allows us to understand and deliver ads and make them more relevant to you. The collected data remains anonymous, and we cannot see the personal data of any individual user.
Please note however, that the collected data is saved and processed by Meta. Meta may be able to connect the data with your Meta account and use the data for their own advertising purposes, for example, to auto-fill forms for ads. Please see Meta's Data Policy for more info. Meta has ultimate control of the information gathered through Meta Advertising, Meta Pixel Re-marketing and communications. You can opt out of Meta’s use of Cookies and Meta Pixel Re-marketing through settings on your Meta Account.
This tracking code monitors user behaviour on our website, which allows us to use the Google Ads and Meta advertising platforms to send targeted personalised ads to website visitors on the Google and Meta network of advertising partner websites after they leave our site.
The privacy policies and guidance published by the Social Media Networks apply to your use of Fáilte Ireland’s social media channels and we encourage you to read the one that is published on each social media network that you use, as these make important disclosures about how the social media networks separately from Fáilte Ireland collect, hold and may use your content and information. This Privacy Statement explains how Fáilte Ireland may use the information that you provide when using Fáilte Ireland’s social media channels.
Fáilte Ireland uses third-party service providers to help deliver its marketing communications. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions. Our third-party service providers access our system for the purposes of providing you with our newsletter. When we use third party service providers (digital agencies), we disclose only the personal information that is necessary to deliver the service. If you would like to know more about our suppliers, please feel free to e-mail us at dataprotection@failteireland.ie.
LINKED SERVICES, THIRD-PARTY SITES AND CONTENT
In some of our articles, videos, emails and blogs, we may reference other websites and provide links which are outside of our control. This Privacy Statement does not cover these other websites and links. Fáilte Ireland does not accept any responsibility or liability for other sites’ privacy notices, statements, or policies. If you access other websites using the links provided, please read their specific notices before submitting any of your personal information. Please refer to YouTube’s Terms of Service, Google's Privacy Policy and Meta's Data Policy.
SOCIAL MEDIA
Fáilte Ireland also receives personal data through its social media interactions on X (formally known as Twitter), LinkedIn, Instagram and Meta. Fáilte Ireland operates social media accounts on these platforms in support of its functions under Section 8 (1) (a) of the National Tourism Development Authority Act, 2003 is to “encourage, promote and support…the development of tourist traffic within and to the State” and “to encourage, promote and support…the development and marketing of tourist facilities and services in the State.” Under Section 8 (2)(a)(i) Fáilte Ireland is permitted to engage in advertising and sponsorship and any other form of publicity for the purposes of Section 8 (1)(a). Messages or posts received by Fáilte Ireland on these social media platforms are viewed by Fáilte Ireland, but the personal data contained in the messages/posts is not logged or stored other than on the relevant social media platform, and no further processing of such personal data is carried out by Fáilte Ireland.
YOUR RIGHTS
Right of access – you have the right to request a copy of the information that we hold about you in accordance with Article 15 GDPR.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete in accordance with Article 16 GDPR.
Right of erasure – in certain circumstances, you can ask for the data we hold about you to be erased from our records in accordance with Article 17 GDPR.
Right to restriction of processing – where certain conditions apply to have a right to restrict the processing in accordance with Article 18 GDPR.
Right to portability – this cannot be facilitated because there is only one National Tourism Authority in the Republic of Ireland.
Right to object – you have the right to object to certain types of processing such as, direct marketing in accordance with Article 21 GDPR.
TO ACCESS WHAT PERSONAL DATA IS HELD, IDENTIFICATION WILL BE REQUIRED
To access a copy of your personal data that is held by Fáilte Ireland, please complete the Personal Data Request Form.
For your protection, we will only implement requests with respect to personal information about you and we will need to verify your identity before we act on your request. We will comply with your request as soon as reasonably practicable and in accordance with applicable law.
You will need to provide some photographic identification (i.e., passport or driver's licence) together with proof of address (i.e., utility bill or official letter). These will need to be returned to the Data Protection Officer (DPO), please see section “Complaints, Questions and Assistance”.
DATA TRANSFERS OUTSIDE OF THE EUROPEAN ECONOMIC AREA
Where we transfer your information, we do so in accordance with EU data protection law. We only transfer personal information to these countries when it is necessary for the services, we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your information. We may rely on different legal mechanisms to ensure the transfer is lawful. If the recipient is in a country that is not deemed 'adequate' by the European Commission, we may enter into 'Standard Contractual Clauses (SCCs) with the recipient. These contracts contain standard commitments approved by the European Commission protecting the privacy and security of the information being transferred.
HOW DO WE PROTECT YOUR INFORMATION
Fáilte Ireland will take appropriate legal, organisational and technical measures to protect your personal information. Fáilte Ireland takes it obligations very seriously and we take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:
- SSL;
- Restricted Access;
- IT Authentication;
- Firewalls;
- Anti-Virus/Malware
We adopt the strongest lines in relation to misuse of consumer information by any of its staff. Any breach of trust regarding the confidentiality of information is treated as serious misconduct under the Disciplinary Code and can lead to dismissal.
WHERE THE DATA SUBJECT DOES NOT PROVIDE THEIR PERSONAL DATA
If we cannot collect or process certain personal data, we may not be able to provide a grant or other supports or services. If you have any queries in respect of the consequences of not providing information, please contact us (see the section Complaints, Questions and Assistance).
CHANGES TO THIS PRIVACY STATEMENT
We reserve the right to modify this Privacy Statement at any time. You shall be bound by the then-current Privacy Statement and accordingly, you should review the Privacy Statement periodically. If we make material changes to our Privacy Statement, we will provide you with notice of amendments and update the ‘Last Updated’ date at the top of this Privacy Statement.
COMPLAINTS, QUESTIONS AND ASSISTANCE
If you have any comments, concerns, or complaints about our uses of your personal data, we ask that you contact us first to try and resolve the matter.
You are encouraged to raise any issues with Fiona Buckley (DPO): dataprotection@failoteireland.ie
COMPLAINING TO THE DATA PROTECTION COMMISSION (DPC)
In the event that you wish to make a complaint about how your personal data is processed by Fáilte Ireland or how your complaint has been handles, you have the right to lodge a complaint directly with the Data protection Commission (DPC) or to the Statutory Authority in your country of residence, who will be able to liaise with the Data protection Commission (DPC).
The Data Protection Commission (DPC) can be contacted at:
Post: Data Protection Commission (DPC), Canal House, Station House, Portarlington, Co. Louth.
Telephone: +353 (0) 57 8684800
Telephone: +353 (0) 76 1104800
Lo-Call Number: 1890 252 231
E-mail: info@dataprotection.ie
Schedule 1
We have set out below a list of third parties with whom we share your data.
Bloomreach | Customer data platform and marketing personalisation |
Byrne Wallace Solicitors | Legal Services |
Fexco | Customer service support |
CookieBot | Manages the Cookie Banner and Policy |
Curated Place Limited | Púca Festival Marketing, the website, competitions and Mailchimp |
F&B Dublin | Instagram – User Generated Content on social channels |
Microsoft | Cloud Services Provider |
Meta | We share current email database with Meta so that people who are already subscribed are not retargeted for acquisition |
DEFINITIONS
In this Privacy Statement, the following terms have the following meanings:
- Data Controller means the organisation which determines the purposes for which, and the manner in which, your Personal Data is processed. Unless we inform you otherwise, the Data Controller is Fáilte Ireland, 88-95 Amiens Street, Dublin 1, Ireland.
- Data Processor means the person or organisation which processes your Personal Data on behalf of the Data Controller.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means.